added beginning of whitelist system

web/server/api/auth/index.js

@@ -3,7 +3,7 @@ export default defineEventHandler(async (event) => {
 
   const config = useRuntimeConfig()
 
-  if (!code) sendRedirect(event, '/', 302)
+  if (!code) return sendRedirect(event, '/', 302)
 
   try {
     const tokenResponseData = await $fetch('https://discord.com/api/oauth2/token', {
@@ -39,7 +39,7 @@ export default defineEventHandler(async (event) => {
 
     await coll.updateOne({ 'discord.id': userResult.id }, { $set: doc, $setOnInsert: { minecraft: { uuid: null, username: null }, team: null } }, { upsert: true })
     
-    const token = createToken(tokenResponseData.access_token, tokenResponseData.refresh_token, tokenResponseData.expires_in)
+    const token = createToken(tokenResponseData.access_token, tokenResponseData.refresh_token, tokenResponseData.expires_in, userResult.id )
 
     setCookie(event, 'jwt', token, { httpOnly: true, maxAge: tokenResponseData.expires_in * 1000 })
   } catch (e) {

web/server/api/minecraft/verifyuuid.js

@@ -0,0 +1,30 @@
+export default defineEventHandler(async (event) => {
+  const auth = getAuth(event)
+
+  const { uuid } = await readBody(event)
+
+  const coll = db.collection('whitelist')
+
+  const doc = await coll.findOne({ uuid: uuid })
+ 
+  if (doc && !doc.verified) return { code: doc.code, verified: false }
+  if (doc && doc.verified) return { verified: true }
+
+  await coll.createIndex({ code: 1 }, { unique: true })
+
+  const code = await insertDoc(coll, uuid)
+
+  return { code: code.toString(), verified: false }
+});
+
+const insertDoc = async (coll, uuid) => {
+  try {
+    const code = Math.floor(100000 + Math.random() * 900000)
+    await coll.insertOne({ uuid: uuid, verified: false, code: code.toString() })
+
+    return code;
+  } catch (e) {
+    const code = await insertDoc(coll, uuid)
+    return code;
+  }
+}

web/server/api/minecraft/whitelist.js

@@ -0,0 +1,22 @@
+export default defineEventHandler(async (event) => {
+  const { code } = await readBody(event)
+
+  if (!code) throw createError({ statusCode: 400, statusMessage: 'Code is required'})
+  
+  const config = useRuntimeConfig()
+  const auth = await getAuth(event)
+
+  const whitelistColl = db.collection('whitelist')
+  const whitelistDoc = await whitelistColl.findOne({ code: code.toString() })
+
+  if (!whitelistDoc) throw createError({ statusCode: 400, statusMessage: 'Code has not been found, join the server first' })
+  if (whitelistDoc && whitelistDoc.verified) throw createError({ statusCode: 400, statusMessage: 'Already verified' })
+  
+  await whitelistColl.updateOne({ code: code.toString() }, { $set: { verified: true } })
+
+  const usersColl = db.collection('users')
+  await usersColl.updateOne({ 'discord.id': auth.discord.id }, { $set: { 'minecraft.uuid': whitelistDoc.uuid } })
+
+
+  return { uuid: whitelistDoc.uuid, verified: false }
+});

web/server/utils/auth.js

@@ -2,11 +2,12 @@ import jwt from 'jsonwebtoken'
 
 const config = useRuntimeConfig()
 
-export const createToken = (accessToken, refreshToken, maxAge) => {
-  return jwt.sign({ accessToken, refreshToken }, config.jwtSecret, {
+export const createToken = (accessToken, refreshToken, maxAge, discordId) => {
+  return jwt.sign({ accessToken, refreshToken, discordId }, config.jwtSecret, {
     expiresIn: maxAge,
   })
 }
+
 export const getAuth = async (event) => {
   const token = getCookie(event, 'jwt') || null
 
@@ -31,20 +32,9 @@ export const getAuth = async (event) => {
     })
   }
   
-  let userResult;
-  try {
-    userResult = await $fetch('https://discord.com/api/users/@me', {
-      headers: {
-        authorization: `Bearer ${decodedToken.accessToken}`
-      }
-    })
-  } catch (e) {
-    console.log(e)
-  }
-
   try {
     const coll = db.collection("users")
-    const user = await coll.findOne({ 'discord.id': userResult.id })
+    const user = await coll.findOne({ 'discord.id': decodedToken.discordId })
 
     return user;
   } catch (err) {